svn commit: r239598 - head/etc/rc.d
David O'Brien
obrien at FreeBSD.org
Tue Sep 4 22:01:28 UTC 2012
On Sun, Sep 02, 2012 at 03:57:13PM -0700, Doug Barton wrote:
> On 08/22/2012 16:37, David E. O'Brien wrote:
> > Author: obrien
> > Date: Wed Aug 22 23:37:24 2012
> > New Revision: 239598
> > URL: http://svn.freebsd.org/changeset/base/239598
> >
> > Log:
> > * Reinstate r128059's consumption of our best entropy first.
> > r128060 for "hardware-supplied entropy" reversed this without reason,
> > seems a typo.
>
> I object to this change as well, although mostly for sentimental
> reasons. :)
Hi Doug,
Hope you had a good Labor Day Holiday.
I'm sorry I didn't see your messages before I committed another change to
this file (r240108). I had it ready to commit last Thursday night, but
didn't want to commit it before being AFK over the holiday.
> It's also dubious whether the static /entropy file is
> really the "best" option at that point, since the "better than nothing"
> entropy at least contains some elements that have the potential to be
> different at boot time.
I may be misreading. Are you suggesting you don't have much faith that
there is a good amount of entropy in the saved "/entropy" as produced by
/dev/random?
> > * Isolate "better than nothing" implementation to a function.
>
> We generally don't extract code that's only run once into a function,
> and my stylistic preference is that we do not do that.
I'll go thru your messages and take a look at your diff.
I think what I committed is a better abstraction.
I think the name of the function helps drive the point that that entropy
gathering isn't all that good, and makes reading the logic flow of the
code easier to read.
--
-- David (obrien at NUXI.org)
More information about the freebsd-security
mailing list